Full Disclosure mailing list archives
Re: Re: [ GLSA 200601-09 ] Wine:Windows MetafileSETABORTPROC vulnerability
From: bkfsec <bkfsec () sdf lonestar org>
Date: Fri, 13 Jan 2006 18:22:23 -0500
Peter Ferrie wrote:
I agree - I was focusing on how Gibson described it and his justification of it being a planted vulnerability. *shrug*bkfsec:The way I read what he's saying there, he's saying that you enter malformed input and that malformed input pushes the executable code into position to be executed...There is no need for malformed input, though. The description isn't great, since upon return from the function, Windows will resume parsing the records in the usual way. 8^) p.
-bkfsec
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Re: [ GLSA 200601-09 ] Wine: Windows MetafileSETABORTPROC vulnerability Todd Towles (Jan 13)
- Re: Re: [ GLSA 200601-09 ] Wine: Windows MetafileSETABORTPROC vulnerability bkfsec (Jan 13)
- RE: Re: [ GLSA 200601-09 ] Wine:Windows MetafileSETABORTPROC vulnerability Peter Ferrie (Jan 13)
- Re: Re: [ GLSA 200601-09 ] Wine:Windows MetafileSETABORTPROC vulnerability eric williams (Jan 13)
- RE: Re: [ GLSA 200601-09 ] Wine:Windows MetafileSETABORTPROC vulnerability Peter Ferrie (Jan 15)
- Re: Re: [ GLSA 200601-09 ] Wine:Windows MetafileSETABORTPROC vulnerability bkfsec (Jan 13)
- RE: Re: [ GLSA 200601-09 ] Wine:Windows MetafileSETABORTPROC vulnerability Peter Ferrie (Jan 13)
- Re: Re: [ GLSA 200601-09 ] Wine: Windows MetafileSETABORTPROC vulnerability bkfsec (Jan 13)